#ArtztOnData: What Will Biden and Harris do About Data Privacy?

This is not a political blog. I have my views, of course, but this is neither the time nor the place. 

However, with a new administration on its way in, barring circumstances I have trouble imagining, the IT field needs to get ready for changes in the way the federal government approaches data privacy and data privacy litigation. For instance, will a Biden administration try to pass new federal data legislation? Will they try to renegotiate the US’s position on EU data transfers to the US, and so forth?

Will we see privacy legislation?

Washington insiders predict that a Biden administration will make privacy legislation a priority. For Vice President-elect Kamala Harris, in particular, this subject aligns with her history as a senator and California Attorney General. When was AG of California, Harris was engaged in privacy issues related to mobile devices. Her office pushed big tech companies to give consumers greater transparency and control over their data in the “Joint Statement on Principles.” The Privacy Enforcement and Protection Unit of the California AG Office also came into existence during her tenure. Its mandate is to enforce laws affecting identity theft, cyber privacy and data breaches. 

Possible legislation we may see includes consumer privacy bills that recognize an individual’s rights to control their personal information while also requiring businesses to respect those rights. A lot of things would need to be figured out for this to work, such as setting up procedures to enforce the law. Some lucky federal agency will have to be in charge. Also, and this is critical, the legislators would have to decide if new federal privacy laws would preempt existing state laws. Finally, the law would have to determine if consumers would have to sue companies for violating the law, on a personal basis, versus relying on the government to protect their rights. This is known as having a “right of action.”   

Data privacy, the economy, and the Biden administration

As president, Biden will have a big job on his hands revitalizing the economy after the effects of the COVID-19 pandemic. Economic policies might face friction in the form of global data privacy issues, however. Consider that the Court of Justice of the European Union invalidated the EU-US Privacy Shield last July. This framework had been designed to facilitate transfers of data between the US and EU. Now, companies that conduct such transfers—and that’s pretty much every big business in the US—will face a greater regulatory burden. The administration may have to step in and figure out a way to keep commerce moving in spite of such new restrictions.

Potential Biden administration impact on the FTC?

The Biden administration may change the FTC’s enforcement priorities—increasing them in all likelihood. This might take the form of the FTC becoming involved in litigation that alleges negligence under state law. It’s a complicated legal topic, but essentially the issue is whether the FTC will be able to take actions against corporations that violate someone’s privacy, despite adhering to the law’s “reasonable person” standard. This matters because the challenges of handling a lot of private consumer data are quite significant, and it’s highly likely that companies will accidentally violate consumers’ privacy. Changing FTC involvement could mean that corporations will be facing off against the federal government on top of state agencies.

Will data privacy be an issue in fighting the pandemic?

It’s possible that the Biden administration will enact health measures for containing the pandemic that rely on tracking data about cases and contagion. Contact tracing, for example, could easily result in inadvertent invasion of consumers’ privacy. Concerns about this risk had already led congress to introduce bills, such as S. 3663, the “COVID-19 Consumer Data Protection Act of 2020,” and H.R. 6866, the “Public Health Emergency Privacy Act.” These bills proposed setting requirements and controls on government agencies and private businesses that collect health data from employees and members of the public.

The big “If”

Setting the FTC aside for a moment, this entire discussion could be academic. As some are predicting, if we have a divided government in January, with the Senate in the control of the Republican Party and the White House occupied by a Democrat, we may not have all that much legislation being created at all. That would be a shame, because the country definitely needs to address data privacy issues.

The role of data management and orchestration in the upcoming data privacy debates

Changes in the law and regulatory enforcement will have an impact on the way American businesses handle consumers’ private data. If government- or court-imposed penalties become more serious during a Biden administration, the pressure will be on to keep a closer track of private information. Companies will have to get better at knowing what private information they have on hand, and notifying consumers about their rights to have it deleted and so forth.

Addressing this situation is a multi-faceted challenge. No single solution can do it all, despite what the big RDBMS vendors say. Consider: consumer data can flow into an organization from a wide variety of entry points, including web forms, kiosks, ecommerce systems and the like. Keeping on top of it will require solutions that can orchestrate the process of looking up consumer data and correlating duplicate records. Such data orchestration tools will be essential to coping with changes in privacy laws, if they come.